-
-
Notifications
You must be signed in to change notification settings - Fork 310
Linuxserver Docker SWAG usage
To use this script with Linux servers docker swag instances to protect Linuxservers SWAG containers from DDoS attacks / exploits is very simple.
You can add to your enviorment variables.
swag:
image: lscr.io/linuxserver/swag:latest
cap_add:
- NET_ADMIN
container_name: swag
restart: always
environment:
- DOCKER_MODS=linuxserver/mods:universal-package-install
- INSTALL_PACKAGES=luajit|lua-resty-lrucache|lua-resty-core|nginx-mod-http-lua
volumes:
- /path/docker/swag:/config #nginx config path
- /path/docker/swag/nginx/lua/anti_ddos_challenge.lua:/config/lua/anti_ddos_challenge.lua #direct fileThen you can edit either your nginx.conf file or default.conf / site-confs folder
And add the following to enable the script.
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
access_by_lua_file /config/nginx/lua/anti_ddos_challenge.lua;Once you saved your nginx.conf or default.conf / site-confs folder be sure to restart the container and all should be working fine and you should be protected.
The reason i use SWAG docker containers is free SSL certs from ZeroSSL or LetsEncrypt this will help prevent DDoS attacks and Flooding of your SWAG containers traffic.
The Flood request and settings can be found here change them to suit your own servers needs. https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L234